Other Useful auditreduce Options

auditreduce has many additional options described in the man page. Notice that the uppercase options select operations or parameters for files, and the lowercase options select parameters for records. This subsection shows how to utilize two more useful options.

The date-time options -b and -a allow you to specify records before or after a particular day and time. A day begins at yyyymmdd00:00:00 and ends at yyyymmdd23:59:59. The six parameters of a day are: year, month, day, hour, minute, and second. The digits (19) of the year are assumed and need not be specified.

If -a is not specified, auditreduce defaults to 00:00:00, January 1, 1970. If -b is not specified, auditreduce defaults to the current time of day (GMT). The -d option selects a particular 24-hour period, as shown in "How to Copy Login/Logout Messages to a Single File".

The auditreduce -a command with the date shown in the following screen example sends all audit records created after midnight on July 15, 1991, to praudit.

# auditreduce -a 91071500:00:00 | praudit 

The auditreduce -b command with the same date shown above sends all audit records created before midnight on July 15, 1991 to praudit.

# auditreduce -b 91071500:00:00 | praudit 

The message type selection for auditreduce (-m option) accepts either numeric message identifiers or AUE_xxxxx codes. auditreduce rejects an incorrect format, but does not describe the correct format.